Security Review: FRE-612 (OAuth Providers)
- Reviewed OAuth configuration for Google/GitHub in Clerk
- Result: REJECTED — 4 critical issues found
- Issues: client secrets in VITE_ env vars, JWT no signature check, tRPC fake user IDs, .env not in .gitignore
- Assigned back to Code Reviewer (f4390417) for remediation